NAME
login_krb5 —
provide KerberosV authentication
type
SYNOPSIS
login_krb5 |
[-s service]
[-v login=yes|no]
[-v notickets=yes|no]
[-v invokinguser=user] user
[class] |
DESCRIPTION
The login_krb5 utility implements the
KerberosV authentication mechanism. It is called by
login(1), su(1),
ftpd(8), and others to authenticate the user
with KerberosV.
The user argument is the user's name to be authenticated.
The service argument specifies which protocol to use with the invoking program. The allowed protocols are login, challenge, and response. (The challenge protocol is silently ignored but will report success as KerberosV authentication is not challenge-response based).
If invokinguser is set and the user argument is root, the principal invokinguser/root will be used for authentication.
If the notickets argument is equal to “no”, the default value, and the login argument is equal to “yes”, then the ticket will be saved in a credentials cache.
The class argument is ignored for compatibility with other login scripts.
login_krb5 will prompt the user for a
password and report back to the invoking program whether or not the
authentication was successful.
LOGIN.CONF VARIABLES
The login_krb5 utility uses the following
krb5-specific /etc/login.conf variables:
| Name | Type | Description |
| krb5-noverify | bool | Failure to verify credentials against a local key is not considered a fatal error. |
FILES
- /etc/login.conf
- login configuration database
SEE ALSO
login(1), passwd(1), su(1), login.conf(5), ftpd(8), kerberos(8), login_krb5-or-pwd(8)